git-commit-vandalism/builtin
Jeff King 090fd4fe24 upload-archive: use argv_array to store client arguments
The current parsing scheme for upload-archive is to pack
arguments into a fixed-size buffer, separated by NULs, and
put a pointer to each argument in the buffer into a
fixed-size argv array.

This works fine, and the limits are high enough that nobody
reasonable is going to hit them, but it makes the code hard
to follow.  Instead, let's just stuff the arguments into an
argv_array, which is much simpler. That lifts the "all
arguments must fit inside 4K together" limit.

We could also trivially lift the MAX_ARGS limitation (in
fact, we have to keep extra code to enforce it). But that
would mean a client could force us to allocate an arbitrary
amount of memory simply by sending us "argument" lines. By
limiting the MAX_ARGS, we limit an attacker to about 4
megabytes (64 times a maximum 64K packet buffer). That may
sound like a lot compared to the 4K limit, but it's not a
big deal compared to what git-archive will actually allocate
while working (e.g., to load blobs into memory). The
important thing is that it is bounded.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-02-20 13:42:21 -08:00
..
add.c Merge branch 'maint' 2013-02-12 12:23:12 -08:00
annotate.c
apply.c Merge branch 'jc/extended-fake-ancestor-for-gitlink' 2013-02-14 10:28:48 -08:00
archive.c Reduce translations by using same terminologies 2012-08-22 12:02:28 -07:00
bisect--helper.c i18n: bisect--helper: mark parseopt strings for translation 2012-08-20 12:23:15 -07:00
blame.c logmsg_reencode: lazily load missing commit buffers 2013-01-26 13:28:22 -08:00
branch.c Merge branch 'nd/branch-error-cases' 2013-02-07 14:41:38 -08:00
bundle.c
cat-file.c Merge branch 'maint-1.7.11' into maint 2012-09-10 15:31:06 -07:00
check-attr.c Merge branch 'maint' 2012-09-17 15:59:34 -07:00
check-ignore.c add git-check-ignore sub-command 2013-01-06 14:26:38 -08:00
check-ref-format.c
checkout-index.c Use imperative form in help usage to describe an action 2012-08-22 12:02:28 -07:00
checkout.c checkout: print a message when switching unborn branches 2012-11-15 17:36:26 -08:00
clean.c Merge branch 'as/check-ignore' 2013-01-23 21:19:10 -08:00
clone.c Merge branch 'jc/no-git-config-in-clone' 2013-02-01 12:39:37 -08:00
column.c i18n: column: mark parseopt strings for translation 2012-08-20 12:23:16 -07:00
commit-tree.c Merge branch 'kk/maint-commit-tree' 2012-07-23 20:55:54 -07:00
commit.c Merge branch 'maint' 2013-02-12 12:23:12 -08:00
config.c Merge branch 'cn/config-missing-path' into maint 2012-11-25 18:35:46 -08:00
count-objects.c i18n: count-objects: mark parseopt strings for translation 2012-08-20 12:23:16 -07:00
credential.c
describe.c Merge branch 'jk/peel-ref' 2012-10-25 06:42:27 -04:00
diff-files.c
diff-index.c update-index/diff-index: use core.preloadindex to improve performance 2012-11-02 11:38:29 -04:00
diff-tree.c
diff.c Merge branch 'kb/preload-index-more' 2012-11-20 10:32:10 -08:00
fast-export.c fast-export: make sure updated refs get updated 2012-12-03 09:57:16 -08:00
fetch-pack.c fetch-pack: avoid repeatedly re-scanning pack directory 2013-01-26 19:37:30 -08:00
fetch.c Merge branch 'jk/gc-auto-after-fetch' 2013-02-01 12:40:16 -08:00
fmt-merge-msg.c Merge branch 'jc/custom-comment-char' 2013-02-04 10:23:49 -08:00
for-each-ref.c Merge branch 'nd/i18n-parseopt-help' 2012-09-07 11:09:09 -07:00
fsck.c i18n: fsck: mark parseopt strings for translation 2012-08-20 12:23:17 -07:00
gc.c silence git gc --auto --quiet output 2012-09-27 17:57:26 -07:00
grep.c grep: avoid accepting ambiguous revision 2013-01-21 16:57:38 -08:00
hash-object.c i18n: hash-object: mark parseopt strings for translation 2012-08-20 12:23:17 -07:00
help.c Merge branch 'jk/config-parsing-cleanup' 2013-02-04 10:24:50 -08:00
index-pack.c i18n: mark more index-pack strings for translation 2012-08-31 13:05:05 -07:00
init-db.c i18n: init-db: mark parseopt strings for translation 2012-08-20 12:23:17 -07:00
log.c Merge branch 'ap/log-mailmap' 2013-01-20 17:06:53 -08:00
ls-files.c Merge branch 'as/check-ignore' 2013-01-23 21:19:10 -08:00
ls-remote.c ls-remote: document the '--get-url' option 2012-09-07 10:58:35 -07:00
ls-tree.c pathspec: save the non-wildcard length part 2012-11-19 13:08:28 -08:00
mailinfo.c Merge branch 'jc/same-encoding' into maint 2012-12-07 14:10:56 -08:00
mailsplit.c
merge-base.c Merge branch 'jc/merge-bases' 2012-09-11 11:36:05 -07:00
merge-file.c i18n: merge-file: mark parseopt strings for translation 2012-08-20 12:23:18 -07:00
merge-index.c Which merge_file() function do you mean? 2012-12-09 23:05:27 -08:00
merge-ours.c
merge-recursive.c
merge-tree.c merge-tree: fix d/f conflicts 2012-12-26 14:46:15 -08:00
merge.c Merge branch 'jc/custom-comment-char' 2013-02-04 10:23:49 -08:00
mktag.c read_sha1_file(): get rid of read_sha1_file_repl() madness 2011-05-15 15:23:33 -07:00
mktree.c i18n: mktree: mark parseopt strings for translation 2012-08-20 12:23:18 -07:00
mv.c i18n: mv: mark parseopt strings for translation 2012-08-20 12:23:18 -07:00
name-rev.c i18n: name-rev: mark parseopt strings for translation 2012-08-20 12:23:18 -07:00
notes.c Allow custom "comment char" 2013-01-16 12:48:22 -08:00
pack-objects.c Merge branch 'jk/peel-ref' 2012-10-25 06:42:27 -04:00
pack-redundant.c Fix sizeof usage in get_permutations 2012-12-13 11:13:44 -08:00
pack-refs.c i18n: pack-refs: mark parseopt strings for translation 2012-08-20 12:23:19 -07:00
patch-id.c
prune-packed.c i18n: prune-packed: mark parseopt strings for translation 2012-08-20 12:23:19 -07:00
prune.c Merge branch 'rj/path-cleanup' 2012-09-14 11:53:53 -07:00
push.c Merge branch 'jc/push-reject-reasons' 2013-02-04 10:25:04 -08:00
read-tree.c i18n: read-tree: mark parseopt strings for translation 2012-08-20 12:23:19 -07:00
receive-pack.c Merge branch 'jc/hidden-refs' 2013-02-17 15:25:57 -08:00
reflog.c reflog: use parse_config_key in config callback 2013-01-23 12:58:33 -08:00
remote-ext.c
remote-fd.c
remote.c Fix typo in remote set-head usage 2012-11-26 13:27:45 -08:00
replace.c replace: parse revision argument for -d 2012-11-13 08:34:14 -05:00
rerere.c i18n: rerere: mark parseopt strings for translation 2012-08-20 12:23:19 -07:00
reset.c reset: update documentation to require only tree-ish with paths 2013-01-16 12:50:23 -08:00
rev-list.c Move print_commit_list to libgit.a 2012-10-29 03:08:30 -04:00
rev-parse.c Merge branch 'maint-1.7.11' into maint 2012-09-12 14:08:05 -07:00
revert.c Merge branch 'mz/cherry-pick-cmdline-order' 2012-09-10 15:42:55 -07:00
rm.c Merge branch 'jl/submodule-rm' 2012-11-29 12:52:30 -08:00
send-pack.c push: introduce REJECT_FETCH_FIRST and REJECT_NEEDS_FORCE 2013-01-24 14:37:23 -08:00
shortlog.c Merge branch 'ap/log-mailmap' 2013-01-20 17:06:53 -08:00
show-branch.c i18n: show-branch: mark parseopt strings for translation 2012-08-22 10:58:28 -07:00
show-ref.c Merge branch 'jk/peel-ref' 2012-10-25 06:42:27 -04:00
stripspace.c Allow custom "comment char" 2013-01-16 12:48:22 -08:00
symbolic-ref.c git symbolic-ref --delete $symref 2012-10-21 12:17:38 -07:00
tag.c Allow custom "comment char" 2013-01-16 12:48:22 -08:00
tar-tree.c
unpack-file.c
unpack-objects.c
update-index.c Merge branch 'kb/preload-index-more' 2012-11-20 10:32:10 -08:00
update-ref.c Use imperative form in help usage to describe an action 2012-08-22 12:02:28 -07:00
update-server-info.c i18n: update-server-info: mark parseopt strings for translation 2012-08-22 10:58:29 -07:00
upload-archive.c upload-archive: use argv_array to store client arguments 2013-02-20 13:42:21 -08:00
var.c
verify-pack.c i18n: verify-pack: mark parseopt strings for translation 2012-08-22 10:58:29 -07:00
verify-tag.c i18n: verify-tag: mark parseopt strings for translation 2012-08-22 10:58:29 -07:00
write-tree.c i18n: write-tree: mark parseopt strings for translation 2012-08-22 10:58:29 -07:00